INTEGRATION BRIEF

Federal Agencies: Visualize Your Risk

via Vulnerability Attack Paths
With RedSeal and Rapid7 InsightVM or Nexpose

Federal agencies and systems integrators face unique security challenges. Often the
biggest hurdles to staying secure and compliant are gaining visibility into all areas INTEGRATION BENEFITS
of an ever-changing network, and being able to quickly understand the most likely
threat vectors to be leveraged by attackers. Continuously monitor
Organizations that integrate the rich vulnerability data from Rapid7s InsightVM or and track changes in your
Nexpose with RedSeal are empowered to clearly visualize their network risk and L2/L3 devices to respond
identify discrepancies with DISA STIG compliance. Utilizing RedSeal, security analysts quickly when something
can model real world attacks and analyze full attack paths within the network; that breaks compliance.
information can then be used to prioritize which vulnerabilities pose the greatest Harden your devices in
threat if successfully exploited. This joint solution enables increased remediation accordance with STIG
cycles and easier identification of asset-based network threats. compliances to mitigate
threat vectors targeted
HOW IT WORKS by attackers.

An InsightVM* scan is conducted to assess the risk posture of the systems within Remove blind spots in
an organization, with vulnerability results that include a calculated RealRisk Score your network to ensure
associated with each system. A task in RedSeal is created to query InsightVM on a all assets are scanned.
scheduled basis for the most up-to-date vulnerability information. An XML report is
generated via the API to export the results, and the vulnerability data is processed Use your own threat data
and stored within RedSeal for further analysis. and zero-day feeds with
a customizable threat
library.
DMZ
Prod DC Utilize threat modeling
to highlight the pathway
attackers can take from
www Database a compromised asset,
allowing for targeted
XML Corp HQ remediation prioritization
via API
Desktop Database File Server Web and deployment of
Server
additional defense layers.
Assessing Security Posture Ensure compensating
of Devices controls are effective
against difficult-to-patch
Visualizing Attack Path Analysis vulnerabilities.

*All mentions of Rapid7 InsightVM associated with its integration with RedSeal also apply to Rapid7 Nexpose.
072117
Figure 1: RedSeal console with vulnerability data

About RedSeal
RedSeal Networks is the leading
provider of network infrastructure
security management solutions
that continuously provide network
visualization and identify critical
attack risk and non-compliance in
complex security infrastructure.
It provides network, security,
and risk management teams
with a firm understanding of
where security is working,
where investment is needed,
and where greatest cyber-attack
How It Works risks lie. This understanding, or
security intelligence, enables
Step 1: InsightVM (or Nexpose) performs a security assessment
organizations to allocate resources
Step 2: A task is created to query InsightVM for latest vulnerabilities where needed most, embed best
Step 3: RedSeal calls the InsightVM API for the latest XML report practice into daily operations,
and take prioritized action where
Step 4: Vulnerabilities get mapped to the network access context
needed. The worlds largest
government and commercial
What You Need organizations use RedSeal security
intelligence to build world-class
Rapid7 InsightVM or Rapid7 Nexpose 6.4.47+
operations that systematically
RedSeal 8.4+ reduce attack risk over time.

SUPPORT About Rapid7

Please contact Rapid7 for support With Rapid7, technology and

or assistance at +1.866.380.8113 or security professionals gain the
support@rapid7.com. clarity, command, and confidence
to safely drive innovation and
protect against risk. We make
SALES it simple to collect operational
data across systems, eliminating
Please contact Rapid7 for sales blind spots and unlocking the
inquiries at +1.866.7.RAPID7 or information required to securely
federal@rapid7.com. develop, operate, and manage
todays sophisticated applications
and services. Our analytics and
science transform your data into
key insights so you can quickly
predict, deter, detect, and
remediate attacks and obstacles
to productivity. Armed with
Rapid7, technology professionals
finally gain the insights needed
to safely move their business
forward. To learn more about
Rapid7, visit www.rapid7.com.